Heartbleed OpenSSL Bug

Question

Answer

CommuniGate Pro does not use OpenSSL (not the library itself, nor any parts of the source code) and does not support the Heartbeat extension (RFC6520). It was the improper implementation of this extension in OpenSSL that lead to the vulnerability described in CVE-2014-0160.

In short, the SSL/TLS implementation in CommuniGate Pro is not affected by this OpenSSL bug.

However, if you are using certificates (wildcard certificates, certificates with alternative names) on your CommuniGate Pro server that are shared with other software (e.g. apache web servers) that might be using buggy OpenSSL versions, the private key could potentially have been leaked by that other software. In that case, it's better to consider re-generating the private key and obtaining a new certificate.